PT-2024-12189 · Open Xchange Gmbh+2 · Ox App Suite+1

Published: 2024-01-08 · Updated: 2024-01-12 · CVE-2023-29050

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

No specific software name or versions are mentioned in the provided descriptions.

Description

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings, allowing access to content outside of the intended hierarchy. This could lead to unauthorized users breaking confidentiality of information in the directory and potentially causing high load on the directory server, resulting in denial of service. Encoding has been added for user-provided fragments used when constructing the LDAP query. No publicly available exploits are known.

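The encoding step mentioned in the description, shown as an added example (not code from Open-Xchange or from this advisory): RFC 4515 value escaping applied to a user-supplied fragment before it is placed in a search filter. The filter template, attribute names and sample inputs are assumptions constructed for illustration.

```python
# Added example: RFC 4515 value encoding for LDAP search filters.
# The filter template and attribute names below are hypothetical.

# Characters RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Encode a user-supplied fragment so it is always read as a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def contact_filter_unsafe(term: str) -> str:
    """'Before' form: the fragment is concatenated into the filter as-is."""
    return f"(&(objectClass=person)(cn=*{term}*))"


def contact_filter_encoded(term: str) -> str:
    """'After' form: the fragment is encoded; wildcards live only in the template."""
    return f"(&(objectClass=person)(cn=*{escape_filter_value(term)}*))"


def clause_count(ldap_filter: str) -> int:
    """Count filter components. A literal '(' always opens a component,
    because an encoded value carries parentheses as \\28 and \\29."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed sample inputs: a plain name, a fragment containing filter
    # metacharacters, and a bare wildcard.
    for term in ("smith", "smith)(mail=*", "*"):
        unsafe = contact_filter_unsafe(term)
        encoded = contact_filter_encoded(term)
        print(f"{term!r}")
        print(f"  unsafe : {unsafe}  clauses={clause_count(unsafe)}")
        print(f"  encoded: {encoded}  clauses={clause_count(encoded)}")
```

With encoding in place the number of filter components is fixed by the template, so a fragment can no longer add clauses or widen the match with its own wildcards.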
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2023-29050

Affected Products

Ox App Suite
Appsuite-Frontend